Category Archives: Research

Research Projects

105 busted in global credit card fraud

What do the UK, Netherlands, Germany, Belgium, and Malaysia all have in common?
If you answered "a Credit Card syndicate which was disrupted by Europol's European Cybercrime Centre (EC3)" then you are correct.

The Organized Criminal Group (OCG) which was creating and abusing counterfeit credit cards all across Europe and in Malaysia recently had 3,000 counterfeit cards confiscated along with jewelry, cash, and fake passports.  

OCG was created in Malaysia and has been committing credit card fraud schemes by abusing less secure locations for shopping such as duty-free shops in airports and electronic stores and buying high priced ticket items.  Through cooperation of American Express with the EC3 and local law enforcement around the globe, the investigation running since end of 2015 was able to successfully capture 105 suspects.

Chromecast exploit package spawns a root shell on port 23

GTVHacker has stated:

How does the exploit work?

Lucky for us, Google was kind enough to GPL the bootloader source code for the device. So we can identify the exact flaw that allows us to boot the unsigned kernel. By holding down the single button, while powering the device, the Chromecast boots into USB boot mode. USB boot mode looks for a signed image at 0×1000 on the USB drive. When found, the image is passed to the internal crypto hardware to be verified, but after this process the return code is never checked! Therefore, we can execute any code at will.

ret = VerifyImage((unsigned int)k_buff, cpu_img_siz, (unsigned int)k_buff);

The example above shows the call made to verify the image, the value stored in ret is never actually verified to ensure that the call to “VerifyImage” succeeded. From that, we are able to execute our own kernel.

If you are in Vegas for DEF CON 21, check out – Google TV: Or How I Learned to Stop Worrying and Exploit Secure Boot by GTVHacker this Friday, August 2nd, at 3PM in the Penn and Teller Theater!

San Jose Medical Supply Company breach of customer data

California's San Jose Medical Supply Company recently began notifying current and former customers of a breach that their customers' personal information had been disclosed to competitors Front Medical Supplies, Inc. and/or Living Medical Equipment, Inc, including customers' full names, birthdates, Social Security numbers, home addresses, Medi-Cal ID numbers, physicians' names and contact information, prescriptions, past invoices, diagnoses and Disability Codes.

The notification letter sent out vehemently denies any wrongdoing by current employees or the owner:

"…In August 2011, the former owner of San Jose Medical passed away and thereafter the company continued operating through its employees and agents under the supervision of trustees. One year later, in August of 2012, the undersigned purchased San Jose Medical from the former owner’s probate estate…"

"…The individuals responsible for the security incident in 2011 were former employees,officers and/or agents of San Jose Medical. These individuals are no longer affiliated with San Jose Medical and a civil action has been brought against them in Santa Clara Superior Court in an effort to prevent further harm (Case No. 1?13?CV244620). The current owner had no knowledge or participation in the 2011 incidents…"

Security Analyst / ISSO position in Washington DC

About the Role
The Security Analyst/ISSO role is to work as an integral member of a team that supports security initiatives for the United States government.

Specific responsibilities of the role include, but are not limited to:
– Advise and assist with the security authorization process by developing a Systems Security Plan (SSP) and other artifacts
– Monitor and track security authorization activities through Authorization to Operate (ATO)
– Maintain documentation repositories (RMS and TAF) where security authorization documentation and artifacts are stored – Work closely with program office stakeholders to identify the appropriate certification/approval processes and authorities
– Record/register actions concerning ATOs
– Read and analyze SSPs and develop understanding of systems and applications into security test plans
– Support financial system audits
– Coordinate security authorization actions and system testing with appropriate security personnel
– Develop risk assessment reports Develop Plan of Action and Milestones (POA&Ms)
– Review audit logs for vulnerabilities
– Assemble and submit security authorization packages to Principal Accreditation Authority/Designated Accreditation Authority
– Review IA Compliance Validation Tests and Reports

Required Skills
– 1-3 years of experience in information security, with a concentration on security authorization as it applies to the US Government
– Knowledge of the federal security authorization (formerly known as Certification and Accreditation or C&A) process to include key activities and milestones required throughout each phase of the security authorization lifecycle
– Experience with the NIST/FISMA regulatory and compliance environment
– Highly-motivated, fast-learner who thrives in a fast paced environment
– Any security certification (e.g. CISSP, Security +, CAP, CISM, etc.)
– Be able to communicate effectively through written and verbal means to co-workers and senior leadership
– Be able to effectively manage multiple tasks simultaneously; coordinating and ensuring scheduled goals are met
– Be able to work well with collateral engineers, analysts and managers on related programs
– Active US Government security clearance (Minimum Secret level)
– Must be a US Citizen
– No relocation assistance. Candidates must be from the DC/MD/VA area.

Desired Skills
– Possess a B.A. or B.S. degree in related field
– Ability to offer security-related guidance on business processes, emerging technology and acquisitions, and vulnerability assessment/mitigation approaches Experience with DHS or DoD requirements Documentation, presentation, and technical writing experience

Send resumes to dan.waddell@eglobaltech.com

Apple employees’ mac computers hacked

Tue Feb 19, 2013 4:50pm EST per Reuters:

Unknown hackers infected the computers of some Apple workers when they visited a website for software developers that had been infected with malicious software. The malware had been designed to attack Mac computers.Mac computer

The same software, which infected Macs by exploiting a flaw in a version of Oracle Corp’s Java software used as a plug-in on Web browsers, was used to launch attacks against Facebook, which the social network disclosed on Friday.

The malware was also employed in attacks against Mac computers used by “other companies,” Apple said, without elaborating on the scale of the assault.